Also demonstrates how pointless that theater was.

A lot of GOOD malware don't "sniff keys" because that gives them random stream of garbage that has little value. No human is going to sit there and hand-decipher that garbage. Instead, they either inject browser extensions, intercept at the Win32 layer, or intercept the HTTP traffic upstream of the browser giving them the raw form-fields with URL which can be packaged and sold.

So all TreasuryDirect was doing, when they were doing this, was inconveniencing real people while the malware didn't even notice. Utterly insane. Glad someone had them quit it.

a lot of efforts to prevent malpractice are like this. Anti-piracy software only really hurts paying customers for example.

These days I'd be scared that fails some biometric spyware and gets your entire account instantly banned+deleted with no recourse.

I found some sites recently that have big ASCII banners in the console log when you open devtools telling you to stop being naughty.

Yeah, you could just delete "readonly" from the input, then try the password manager autofill again. Thankfully no longer necessary.